package com.wb.config;

import com.wb.bean.user.User;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

import java.util.HashMap;
import java.util.Map;

public class CustomJwtAccessTokenConverter extends JwtAccessTokenConverter {

    private final Logger logger = LoggerFactory.getLogger(CustomJwtAccessTokenConverter.class);

    private static final String BEARER_PRIFIX = "bearer ";

    @Override
    public OAuth2Authentication extractAuthentication(Map<String, ?> map) {
        logger.info(" /- map : {} " , map);
        return super.extractAuthentication(map);
    }

    /**
     * 这个是token增强器，想让jwt token携带额外的信息在这里处理
     * @param accessToken
     * @param authentication
     * @return oAuth2AccessToken
     */
    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
        if (accessToken instanceof DefaultOAuth2AccessToken) {
            Object principal = authentication.getPrincipal();

            // 这个principal是当时登录后存到securiy的东东，一般是用户实体，自己debug一下就知道了
            if (principal instanceof User) {
                User user = (User) principal;
                HashMap<String, Object> map = new HashMap<>();

                //jwt默认已经自带用户名，无需再次加入
                map.put("user", user);
                ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(map);
            }
            logger.info("/- accessToken :{} , authentication : {}" , accessToken, authentication);
        }
        return super.enhance(accessToken, authentication);
    }


    //主要是资源服务器解析时一定要有bearer这个头才认为是一个oauth请求，但不知道为啥指定jwt后这个头就不见了，特意加上去
    @Override
    protected String encode(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
        return BEARER_PRIFIX + super.encode(accessToken, authentication);
    }
}
